Cloud computing is a rapidly growing industry. Cloud-based applications allow organizations to minimize up-front IT infrastructure costs while increasing accessibility. However, by making resources available on the public internet, unauthorized access is a constant concern. For example, a hacker may use stolen credentials to download emails, or a friend may use shared Netflix® credentials in violation of an end user licensing agreement.
It has proved challenging to determine when shared or stolen credentials are being used. Many events that appear unauthorized are in fact benign. Hand-written rules have proved ineffective at distinguishing legitimate use from foul play.
Detecting unauthorized access to cloud-based resources is a technological problem in the software arts, not an abstract idea for which computers are invoked as a tool. One technological challenge to distinguishing malicious events from benign events is the ability of people to mimic being in different places around the world via virtual private networking (VPN). VPNs, and other techniques for remotely controlling a computing device, enable a person to legitimately appear to be in two places at once. Other challenges include distinguishing unauthorized access from autonomous bots and other scenarios in which cloud access appears to be caused by different people but is in fact caused by an agent on behalf of a user.
It is with respect to these and other technological challenges that the disclosure made herein is presented.